Menu

Blind Auctions

The solidity docs have one way to make blind auctions: everybody submits a hash of their bid, and when the auction's over the bidders reveal the preimages of their hashes to show their bids.

But a blind auction doesn't really need to reveal all the bids. Everybody can just privately send their bids to the auctioneer. The auctioneer's incentive is to publish the highest bid, which is exactly what we want.

So everybody starts out by putting up a deposit, sends their signed messages to the auctioneer, and when the time's up the auctioneer picks a bid to post to the contract, which verifies the bidder's signature and pays the auctioneer.

The Solidity code to verify a signature is pretty simple:

address bidder = ecrecover(sha3(bidvalue), v, r, s);

You can put as many items as you want in the inner section (where bidvalue is), delimited by commas. Take the hash of that, and pass into ecrecover along with v, r, and s, which together make up the digital signature. Then if the signature is valid, ecrecover returns the address that made it.

This gives you a string containing v,r,s which you can send to the auctioneer, who parses it out as documented here. The signing address has to be unlocked, but since you're sending the signature off-chain anyway, you can do it from an offline computer.